syzbot

 sign-in | mailing list | source | docs
🐞 Open [1430]
Subsystems
🐞 Fixed [6918]
🐞 Invalid [18006]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in can_receive (3)

Status: upstream: reported C repro on 2025/09/05 13:36
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+4b8a1e4690e64b018227@syzkaller.appspotmail.com
First crash: 411d, last: 38d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] net: core: Initialize new header to zero in pskb_expand_head 4 (4) 2025/11/11 07:40
[syzbot] [can?] KMSAN: uninit-value in can_receive (3) 0 (1) 2025/09/05 13:36
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net 21 C 138977 1085d 1437d 22/29 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in can_receive (2) can 7 C 2060 1919d 2014d 15/29 fixed on 2020/11/16 12:12
upstream KMSAN: uninit-value in can_receive can 7 C 14 2190d 2279d 15/29 fixed on 2020/02/18 14:31
Last patch testing requests (7)
Created Duration User Patch Repo Result
2026/02/12 18:52 2h10m retest repro upstream OK log
2026/02/12 16:49 3h58m retest repro upstream OK log
2025/12/04 15:50 30m retest repro upstream report log
2025/08/19 14:18 49m edumazet@google.com patch upstream report log
2025/07/13 18:30 2h47m retest repro upstream report log
2025/05/04 04:24 26m retest repro upstream report log
2025/02/23 01:21 27m retest repro upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in can_receive+0x12c/0x4a0 net/can/af_can.c:656
 can_receive+0x12c/0x4a0 net/can/af_can.c:656
 canfd_rcv+0x1ff/0x3b0 net/can/af_can.c:705
 __netif_receive_skb_one_core net/core/dev.c:6139 [inline]
 __netif_receive_skb+0x477/0xac0 net/core/dev.c:6252
 process_backlog+0x47c/0x9f0 net/core/dev.c:6604
 __napi_poll+0xd8/0x880 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0xa3f/0x1c90 net/core/dev.c:7883
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656
 do_softirq+0x58/0x90 kernel/softirq.c:523
 __local_bh_enable_ip+0xa1/0xb0 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
 __dev_queue_xmit+0x3bb4/0x58e0 net/core/dev.c:4846
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 can_send+0xffa/0x1390 net/can/af_can.c:279
 bcm_can_tx+0x97d/0xd90 net/can/bcm.c:326
 bcm_tx_setup+0x17dc/0x2b70 net/can/bcm.c:1092
 bcm_sendmsg+0x568/0xda0 net/can/bcm.c:1423
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x333/0x3d0 net/socket.c:742
 ____sys_sendmsg+0x7f5/0xcf0 net/socket.c:2592
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681
 x64_sys_call+0x1c60/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4960 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 __do_kmalloc_node mm/slub.c:5656 [inline]
 __kmalloc_node_track_caller_noprof+0xb77/0x1c90 mm/slub.c:5764
 kmalloc_reserve+0x22f/0x4b0 net/core/skbuff.c:608
 pskb_expand_head+0x1fc/0x15d0 net/core/skbuff.c:2282
 netif_skb_check_for_xdp net/core/dev.c:5497 [inline]
 netif_receive_generic_xdp net/core/dev.c:5528 [inline]
 do_xdp_generic+0xa79/0x1690 net/core/dev.c:5596
 __netif_receive_skb_core+0x1b1d/0x4d10 net/core/dev.c:5949
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6252
 process_backlog+0x47c/0x9f0 net/core/dev.c:6604
 __napi_poll+0xd8/0x880 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0xa3f/0x1c90 net/core/dev.c:7883
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656

CPU: 0 UID: 0 PID: 21842 Comm: syz.4.4978 Tainted: G             L      syzkaller #0 PREEMPT(none) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================

Crashes (632):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/06 04:19 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/11/20 10:47 upstream 23cb64fb7625 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/11/19 22:55 upstream 8b690556d8fe 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/11/08 02:23 upstream da32d155f4a8 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/10/25 23:05 upstream 9bb956508c9d c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/10/09 21:52 upstream ec714e371f22 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/10/06 09:41 upstream 9b0d551bcc05 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/28 20:37 upstream 8f9736633f8c 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/28 01:20 upstream 51a24b7deaae 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/27 22:28 upstream 51a24b7deaae 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/27 01:51 upstream fec734e8d564 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/26 21:14 upstream 4ff71af020ae 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/26 14:18 upstream 4ff71af020ae 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/26 03:15 upstream 4ff71af020ae 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/25 14:20 upstream bf40f4b87761 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/25 13:45 upstream bf40f4b87761 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/24 17:29 upstream cec1e6e5d1ab 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/24 10:18 upstream cec1e6e5d1ab 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/24 07:35 upstream cec1e6e5d1ab 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/23 22:13 upstream cec1e6e5d1ab 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/23 19:44 upstream cec1e6e5d1ab 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/23 12:40 upstream cec1e6e5d1ab 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/23 11:04 upstream cec1e6e5d1ab 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/23 07:31 upstream cec1e6e5d1ab 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/23 01:46 upstream cec1e6e5d1ab 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/22 16:28 upstream 07e27ad16399 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/22 12:40 upstream 07e27ad16399 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/21 23:00 upstream 2d5bd41a4505 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/21 12:30 upstream f975f08c2e89 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/21 04:13 upstream 3b08f56fbbb9 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/21 02:49 upstream 3b08f56fbbb9 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/21 01:19 upstream 3b08f56fbbb9 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/21 01:18 upstream 3b08f56fbbb9 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/19 14:32 upstream 097a6c336d00 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/19 05:13 upstream cbf658dd0941 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/18 21:11 upstream 8b789f2b7602 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/09/18 17:57 upstream 8b789f2b7602 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/08/26 20:29 upstream fab1beda7597 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/01/15 09:01 upstream c3812b15000c 7315a7cf .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in can_receive
2025/11/19 18:28 upstream 8b690556d8fe 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in can_receive
2025/11/17 09:57 upstream 6a23ae0a96a6 f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in can_receive
2025/11/07 13:41 upstream 4a0c9b339199 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in can_receive
2025/11/07 00:13 upstream c2c2ccfd4ba7 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in can_receive
2025/10/15 20:26 upstream 1f4a222b0e33 19568248 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in can_receive
2025/09/22 04:50 upstream 2d5bd41a4505 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in can_receive
* Struck through repros no longer work on HEAD.